Creating a Server 2012 Golden Image with Sysprep and VMWare Workstation

https://willcode4foodblog.wordpress.com/2013/03/20/creating-a-server-2012-golden-image-with-sysprep-and-vmware-workstation/

https://willcode4foodblog.wordpress.com/2013/03/22/creating-a-server-2012-golden-image-with-sysprep-and-vmware-workstation-part-2-of-2/

Ready…Set…Syspr-WAIT!

In my last post, I walked through how I got my “Golden Image” ready for Sysprep by updating through Windows Updates, and also went through and customized the system to my preferences, including adding BGInfo and getting my icons in place.

Now before we begin, there’s one last thing we want to do before we Sysprep this system…


“I just spent a good amount of time customizing my environment, and if I Sysprep the system…won’t it wipe out the profile settings?”

By default, yes it would. But we can add a couple items to an XML file and make sure all those settings stay with the image after being Sysprepped…

CopyProfile Setting

So according to TechNet, there is a setting called CopyProfile that can be overridden from it’s default (false) by using a special XML tag in the unattend file.
Note:
If you want these settings to be copied to default the easiest way is to be logged on as THE “Administrator” account. Once logged in, make your customizations, then proceed.

Hrmmm…lets use this simple “Autoattend.xml” file below as our test.  You can add many other options, but we’re doing only a little bit since we wanna keep the code short and get to the point:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>en-US</InputLocale>
        <SystemLocale>en-US</SystemLocale>
        <UILanguage>en-US</UILanguage>
        <UILanguageFallback>en-US</UILanguageFallback>
        <UserLocale>en-US</UserLocale>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <OOBE>
            <HideEULAPage>true</HideEULAPage>
            <NetworkLocation>Work</NetworkLocation>
            <ProtectYourPC>1</ProtectYourPC>
        </OOBE>
        <TimeZone>Pacific Standard Time</TimeZone>
    </component>
</settings>
<settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey>
        <CopyProfile>true</CopyProfile>
    </component>
</settings>
</unattend>

Placing the Autounattend.xml file

Take the code above (and of course put in your own key and other settings as you would wish) and place it in the same directory as the sysprep executable: C:\Windows\System32\Sysprep (shown below):

Running Sysprep

Once I had my unattend.xml file in place, I opened up an administrative command prompt via the Server 2012 shortcut key Win+X. This opens up little “Power User” menu that you can easily access some common tools for the everyday Systems Administrator (shown below):

server2012_winX

Then I ran the fateful command, held my breath, and prayed:

commandForSysprep

DID IT WORK!??!?!?

So now the test. I just flat straight up copied that sumbitch to another location on a different drive.

Now I wanna be able to keep track of these VMs as I clone them, so I’m gonna edit the settings of my freshly copied clone in VMWare Workstation to “DEVSQL12” (shown below):

Next, when I powered it up, I was asked if this was moved or copied, and I selected “I copied it” (shown below):

This is a good sign, it’s asking me for a new admin password…

VOILA! My new server ready to roll and freshly updated and customized!!!

All Done!!

Now you can copy this Golden Template off into new folders, fire it up, and you have a new, updated server ready for config!!! That’s it! This was just a quick tutorial. Hopefully it helps set the stage for you to get familiar with Windows Server 2012, while at the same time guides you in finding your way around quickly to set up some of the features and custom settings you want with minimal headache.

Till next time!!

Disable autorun Win7

http://www.thewindowsclub.com/enable-disable-autoplay-windows

Registry Editor

The same can also be achieved by editing the Registry. Run regedit and navigate to

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the RHS, you will see dword NoDriveTypeAutoRun. You will see default value 60 or 3C. Right-click on it and give it a decimal value 255 (or Hexadecimal value 000000FF). Exit regedit. Reboot. This will disable AutoRun on all drives.

 

How-to-build-a-windows-10-image-using-sysprep-and-customize-the-default-profile

http://theitbros.com/sysprep-windows-10-machine-guide/

https://www.tenforums.com/tutorials/3020-customize-windows-10-image-audit-mode-sysprep.html

http://www.urtech.ca/2015/12/solved-how-to-build-a-windows-10-image-using-sysprep-and-customize-the-default-profile/

Windows 10 and 8 use a substantially different process to create images than what I had used in Windows XP and 7.  Fortunately it is not rocket science.  The four big differences are:

  1. You MUST remove the ‘Modern apps’ (anything from the ‘Store’) from the profile you are using to create your image
  2. If you want to modify the DEFAULT PROFILE, you MUST modify your current profile and then use <CopyProfile>true</CopyProfile> in a command line call to SYSPREP
  3. If you are using Windows 10 TH2 or newer you can use a Windows 7 or 8 license key.
    1. This is particularly handy for those Windows 8 PC’s that have the Key embedded in the BIOS
    2. During the install, just click SKIP THIS STEP on the ENTER PRODUCT KEY SCREEN and it will activate by itself after the desktop appears
    3. Keep in mind that OEM Windows 8 Pro Keys that are in the BIOS are NOT upgradable to Windows 10 ENTERPRISE.
  4. You CANNOT use an upgraded version of Windows 10 with SYSPREP
    1. This means if you installed the July 2015 release build and then upgraded it to TH2, SYSPREP will fail.
    2. The easy answer is to just use the LATEST (yes, they are different for each build) version of the Windows 10 Media Creation Tool

So lets get to it.

  1. Download the LATEST (yes, they are different for each build) version of the Windows 10 Media Creation Tool
  2. Install it on a reference PC
  3. Install all of the software you want on the machine
    1. A word of caution is that I would not launch any of that software after it is installed as you want it to be fresh and you never know if SYSPREP is going to clear out the settings for third party software
  4. Run Windows Update and patch everything (again making sure that you do not get a new BUILD of Windows)
  5. Customize the desktop of the current user and note:

    What CAN be modified:
    > Windows wallpaper, icons, theme, colors and sounds
    > Screensaver
    > Taskbar location (bottom, left, top, right)
    > File Explorer settings like icon spacing, ribbon ON / OFF, hide / show hidden items, view as, group / sort, additional panes and so on
    > Desktop icon spacing and size
    > Software installed now will be available to all users

    What can’t be modified:
    > Pinned icons (Taskbar and Start) will not be copied to default profile (UPDATE: DEC 28, 2015 – I have found that non-‘Store’ apps such as Word, Excel, Acrobat, Notepad++ CAN be successfully pinned to the START menu as part of the default image)
    > Start Menu and Start Screen will remain default, cannot be modified

    Thank you to TENFORUMS for this note.

  6. Launch a POWERSHELL as an ADMIN and run Get-AppxPackage -AllUsers | Remove-AppxPackage
  7. Download and unzip THIS simple unattend file for you SYSPREP or make your own using WAIK
  8. Copy the UNATTEND.XML to your C:\
  9. Open a CMD PROMPT as an Administrator
  10. CD into the C:\WINDOWS\SYSTEM32\SYSPREP folder
  11. Paste in this command

    sysprep /oobe /generalize /shutdown /unattend:C:\unattend.xml

  12. Power the machine up when it is done, PXE boot off the network and push the image to your Windows Deployment Services WDS server

Thanks to Jason Jiang of Microsoft Partner Support and the following reference sites who helped me develop this process:

http://www.tenforums.com/tutorials/3020-windows-10-image-customize-audit-mode-sysprep.html

http://www.tenforums.com/tutorials/4689-apps-uninstall-windows-10-a.html

https://support.microsoft.com/en-us/kb/2769827

https://4sysops.com/archives/remove-provisioned-built-in-apps-in-windows-10/

http://www.ghacks.net/2013/08/20/how-to-remove-all-windows-8-apps-using-powershell/

http://superuser.com/questions/942418/how-do-you-forcefully-remove-apps-in-windows-10

http://www.experts-exchange.com/articles/21679/Windows-10-Sysprep-Guide.html

http://blogs.technet.com/b/mniehaus/archive/2015/11/11/removing-windows-10-in-box-apps-during-a-task-sequence.aspx

If you are reading this post, you might also be interested in our simple fix for How to Solve Windows Could Not Complete The Installation Windows, error that can occur after a SysPrep.

Auto generate unattend.xml file: http://windowsafg.no-ip.org/win10x86_x64.html

 

c:\windows\system32\sysprep /oobe /generalize /shutdown
/unattend:unattend.xml

WinPE: Store or split images to deploy Windows using a single USB drive

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe–use-a-single-usb-key-for-winpe-and-a-wim-file—wim

How can you deploy Windows to PCs with just one USB port?

The default Windows Preinstallation Environment (WinPE) drive format, FAT32, is used to boot UEFI-based PCs, but that’s too small to store most Windows images:

  • FAT32 has a maximum file size of 4GB in size. Most customized Windows images are over 4GB.
  • FAT32 has a maximum partition size of 32GB. Some Windows images are larger than 32GB.

    (You can still use a 64GB or 128GB USB key, but you have to format it to use only uses 32GB of its space.)

Here’s a few ways around these limitations:

Option 1: Create a multiple partition USB drive

Starting with Windows 10, Version 1703, you can create multiple partitions on USB drives. To work with a USB drive with multiple partitions, both your technician PC and WinPE have to be Windows 10, Version 1703.

Create a USB drive with WinPE and data partitions

  1. Start the Deployment and Imaging Tools Environment as an administrator.
  2. Type diskpart and press Enter.
  3. Use Diskpart to reformat the drive and create two new partitions for WinPE and for your images:

 

  • List disk
    select disk X    (where X is your USB drive)
    clean
    create partition primary size=2048
    active
    format fs=FAT32 quick label="WinPE"
    assign letter=P
    create partition primary
    format fs=NTFS quick label="Images"
    assign letter=I  
    Exit
    
  • Copy the WinPE files to the WinPE partition:
  • copype amd64 C:\WinPE_amd64
    xcopy C:\WinPE_amd64\media P:\ /s
    
  • Copy the Windows image file to the Images partition:

 

  1. xcopy C:\Images\install.wim I:\install.wim
    

Option 2: Store the image on a separate USB drive

If you are using Windows 10, Version 1607 or earlier and your PC only has one USB port, you can still deploy Windows using two separate USB keys.

  1. Boot to WinPE.
  2. Remove the WinPE drive. (After booting, WinPE runs in memory.)
  3. Plug in a separate storage drive with your image and apply it to the device.

Option 3: Store the image on a network location

  1. Copy the image to a server on your network, for example, \\server\share\install.wim
  2. Boot to WinPE.
  3. Connect a network drive using a drive letter, for example, N.

 

  • net use N: \\server\share
    
  • Apply the image from the network.

 

  1. Dism /apply-image /imagefile:N:\install.wim /index:1 /applydir:D:\
    

Option 4: Split the image

Limitations:

  • Windows Setup doesn’t support installing from a split .wim file for Windows 10.
  • You can’t modify a split .wim file.
  • To use a 64GB or 128GB key, format it to only use 32GB of space.
  • For images larger than 32GB, you need a second USB key because of the FAT32 partition size limitation.
  1. From your technician PC, create your WinPE key. See WinPE: Create USB Bootable drive.
  2. Open the Deployment and Imaging Tools Environment as an adminstrator.
  3. Split the Windows image into files smaller than 4GB each:

 

  • Dism /Split-Image /ImageFile:C:\install.wim /SWMFile:C:\images\install.swm /FileSize:4000
    

    where:

    • C:\images\install.wim is the name and the location of the image file that you want to split.
    • D:\images\install.swm is the destination name and the location for the split .wim files.
    • 4000 is the maximum size in MB for each of the split .wim files to be created.

    In this example, the /split option creates an install.swm file, an install2.swm file, an install3.swm file, and so on, in the D:\Images directory.

  • Copy the files to the WinPE key.
  • On the destination PC, boot to WinPE, and then apply an image using DISM /Apply-Image /SWMFile command.

 

Windows 10 bootable USB Stick with UEFI support

https://haukeberg.wordpress.com/2015/07/29/windows-10-bootable-usb-stick-with-uefi-support/

Requirements:

  • 4 Gb USB stick/flash drive
  • Windows 10 Pro/Enterprise/Education Installation files (either their own image, MSDN or from the Volume Licensing website)
  • A PC or tablet!
Make a bootable USB flash drive using DISKPARTRun CMD.EXE as an administrator (Win-X then A), then run DISKPART with the following commands (not case-sensitive):
Command What it does
LIST DISK                 Shows all mounted disks.  Find your USB flash
SELECT DISK n          Selects the disk that future commands will use.  Replace ‘n’ with the disk # for your USB flash drive.NOTE:  Be careful that you don’t select your hard disk!  The next command will wipe the selected drive clean.
CLEAN Erases all previous partition & volume information on the flash drive.
CREATE PARTITION PRIMARY    Partitions the flash drive as one partition for the whole drive.
SELECT PARTITION 1          Selects the new partition so future commands will operate on it.
ACTIVE                    Marks the new partition as active so the BIOS/UEFI can boot to it.
FORMAT FS=FAT32  QUICK        Formats the partition as FAT32.(NOT NTFS!)  EXTREMELY IMPORTANT!
ASSIGN                   Assigns a drive letter to the flash drive.
EXIT                        Exits DISKPART

At this point your USB drive is formatted.  DO NOT format the drive with Windows Explorer orformat.com; you will not be able to boot from it.

Simply Copy files to the USB Drive and Prep the Windows 10 Image on the USB drive.1. Copy Files

  • Use File Explorer

or

  • Copy files using (use XCOPY or ROBOCOPY) both of which are available in Windows 7/8/10.robocopy <source directory> <usb flash drive root directory> /mir
  • Example:  robocopy d:\Win10Files e:\ /mir
    (Change the destination to the folder that you have extracted Windows image on disk)

2. Prep the USB using CMD

  • Run CMD
  • Go to the directory where your winfiles are
  • cd boot (e.g. c:\win10pro\boot\)
    bootsect /nt60 X: (X is the drive latter of your USB drive )

 

Booting from the USB drive:Method 1: 

  1. Enter UEFI/BIOS Screen
  2. Set to boot from USB
  3. Disable Secure Boot

Method 2

  1. Press Windows Key + R
  2. Enter : shutdown.exe /r /o /f /t 00
  3. After the system restarts – Click boot from another device
  4. Select USB device
Install Windows 10Go through normal Windows 10
Finishing up

  • Go back into the BIOS / UEFI and re-enable secure boot
  • Run Windows Update to get latest updates
  • Congratulations! – You are running Windows 10

 

 

Or user Ruckus

Create a Windows 10 reference image – MDT

https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image

Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution. For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, PC0001 is a Windows 10 Enterprise x64 client, and MDT01 is a Windows Server 2012 R2 standard server. HV01 is a Hyper-V host server, but HV01 could be replaced by PC0001 as long as PC0001 has enough memory and is capable of running Hyper-V. MDT01, HV01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation.

Note
For important details about the setup for the steps outlined in this article, please see Deploy Windows 10 with the Microsoft Deployment Toolkit.

figure 1

Figure 1. The machines used in this topic.

The reference image

The reference image described in this documentation is designed primarily for deployment to physical machines. However, the reference image is created on a virtual platform, before being automatically run through the System Preparation (Sysprep) tool process and captured to a Windows Imaging (WIM) file. The reasons for creating the reference image on a virtual platform are the following:

  • You reduce development time and can use snapshots to test different configurations quickly.
  • You rule out hardware issues. You simply get the best possible image, and if you have a problem, it’s not likely to be hardware related.
  • It ensures that you won’t have unwanted applications that could be installed as part of a driver install but not removed by the Sysprep process.
  • It’s easy to move between lab, test, and production.

Set up the MDT build lab deployment share

With Windows 10, there is no hard requirement to create reference images; however, to reduce the time needed for deployment, you may want to create a reference image that contains a few base applications as well as all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process.

Create the MDT build lab deployment share

  • On MDT01, log on as Administrator in the CONTOSO domain using a password of P@ssw0rd.
  • Using the Deployment Workbench, right-click Deployment Shares and select New Deployment Share.
  • Use the following settings for the New Deployment Share Wizard:
  • Deployment share path: E:\MDTBuildLab
  • Share name: MDTBuildLab$
  • Deployment share description: MDT Build Lab
  • <default>
  • Verify that you can access the \\MDT01\MDTBuildLab$ share.

figure 2

Figure 2. The Deployment Workbench with the MDT Build Lab deployment share created.

Configure permissions for the deployment share

In order to write the reference image back to the deployment share, you need to assign Modify permissions to the MDT Build Account (MDT_BA) for the Captures subfolder in the E:\MDTBuildLab folder

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Modify the NTFS permissions for the E:\MDTBuildLab\Captures folder by running the following command in an elevated Windows PowerShell prompt:
    syntax
  1. icacls E:\MDTBuildLab\Captures /grant '"MDT_BA":(OI)(CI)(M)'
    

figure 3

Figure 3. Permissions configured for the MDT_BA user.

Add the setup files

This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image.

Add the Windows 10 installation files

MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.

Note
Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.

Add Windows 10 Enterprise x64 (full source)

In these steps we assume that you have copied the content of a Windows 10 Enterprise x64 ISO to the E:\Downloads\Windows 10 Enterprise x64 folder.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Using the Deployment Workbench, expand the Deployment Shares node, and then expand MDT Build Lab.
  3. Right-click the Operating Systems node, and create a new folder named Windows 10.
  4. Expand the Operating Systems node, right-click the Windows 10 folder, and select Import Operating System. Use the following settings for the Import Operating System Wizard:
  5. Full set of source files
  6. Source directory: E:\Downloads\Windows 10 Enterprise x64
  7. Destination directory name: W10EX64RTM
  8. After adding the operating system, in the Operating Systems / Windows 10 folder, double-click the added operating system name in the Operating System node and change the name to the following: Windows 10 Enterprise x64 RTM Default Image

figure 4

Figure 4. The imported Windows 10 operating system after renaming it.

Add applications

Before you create an MDT task sequence, you need to add all of the applications and other sample scripts to the MDT Build Lab share.

The steps in this section use a strict naming standard for your MDT applications. You add the “Install – ” prefix for typical application installations that run a setup installer of some kind, and you use the “Configure – ” prefix when an application configures a setting in the operating system. You also add an ” – x86″, ” – x64″, or “- x86-x64” suffix to indicate the application’s architecture (some applications have installers for both architectures). Using a script naming standard is always recommended when using MDT as it helps maintain order and consistency. By storing configuration items as MDT applications, it is easy to move these objects between various solutions, or between test and production environments. In this topic’s step-by-step sections, you will add the following applications:

  • Install – Microsoft Office 2013 Pro Plus – x86
  • Install – Microsoft Silverlight 5.0 – x64
  • Install – Microsoft Visual C++ 2005 SP1 – x86
  • Install – Microsoft Visual C++ 2005 SP1 – x64
  • Install – Microsoft Visual C++ 2008 SP1 – x86
  • Install – Microsoft Visual C++ 2008 SP1 – x64
  • Install – Microsoft Visual C++ 2010 SP1 – x86
  • Install – Microsoft Visual C++ 2010 SP1 – x64
  • Install – Microsoft Visual C++ 2012 Update 4 – x86
  • Install – Microsoft Visual C++ 2012 Update 4 – x64

In these examples, we assume that you downloaded the software in this list to the E:\Downloads folder. The first application is added using the UI, but because MDT supports Windows PowerShell, you add the other applications using Windows PowerShell.

Note
All the Microsoft Visual C++ downloads can be found on The latest supported Visual C++ downloads.

Create the install: Microsoft Office Professional Plus 2013 x86

You can customize Office 2013. In the volume license versions of Office 2013, there is an Office Customization Tool you can use to customize the Office installation. In these steps we assume you have copied the Office 2013 installation files to the E:\Downloads\Office2013 folder.

Add the Microsoft Office Professional Plus 2013 x86 installation files

After adding the Microsoft Office Professional Plus 2013 x86 application, you then automate its setup by running the Office Customization Tool. In fact, MDT detects that you added the Office Professional Plus 2013 x86 application and creates a shortcut for doing this. You also can customize the Office installation using a Config.xml file. But we recommend that you use the Office Customization Tool as described in the following steps, as it provides a much richer way of controlling Office 2013 settings.

  1. Using the Deployment Workbench in the MDT Build Lab deployment share, expand the Applications / Microsoft node, and double-click Install – Microsoft Office 2013 Pro Plus x86.
  2. In the Office Products tab, click Office Customization Tool, and click OK in the Information dialog box.

    figure 5

    Figure 5. The Install – Microsoft Office 2013 Pro Plus – x86 application properties.

    Note
    If you don’t see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft.

  3. In the Office Customization Tool dialog box, select the Create a new Setup customization file for the following product option, select the Microsoft Office Professional Plus 2013 (32-bit) product, and click OK.
  4. Use the following settings to configure the Office 2013 setup to be fully unattended:
    1. Install location and organization name
      • Organization name: Contoso
    2. Licensing and user interface
      1. Select Use KMS client key
      2. Select I accept the terms in the License Agreement.
      3. Select Display level: None

      figure 6

      Figure 6. The licensing and user interface screen in the Microsoft Office Customization Tool

    3. Modify Setup properties
      • Add the SETUP_REBOOT property and set the value to Never.
    4. Modify user settings
      • In the Microsoft Office 2013 node, expand Privacy, select Trust Center, and enable the Disable Opt-in Wizard on first run setting.
  5. From the File menu, select Save, and save the configuration as 0_Office2013ProPlusx86.msp in the E:\MDTBuildLab\Applications\Install – Microsoft Office 2013 Pro Plus – x86\Updates folder.

    Note
    The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates, and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates.

  6. Close the Office Customization Tool, click Yes in the dialog box, and in the Install – Microsoft Office 2013 Pro Plus – x86 Properties window, click OK.

Connect to the deployment share using Windows PowerShell

If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive).

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Import the snap-in and create the PSDrive by running the following commands in an elevated PowerShell prompt:
    syntax
  1. Import-Module "C:\Program Files\Microsoft Deployment Toolkit\bin\MicrosoftDeploymentToolkit.psd1"
    New-PSDrive -Name "DS001" -PSProvider MDTProvider -Root "E:\MDTBuildLab"
    

Create the install: Microsoft Visual C++ 2005 SP1 x86

In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2005SP1x86.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x86"
    $CommandLine = "vcredist_x86.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2005SP1x86"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2005 SP1 x64

In these steps we assume that you have downloaded Microsoft Visual C++ 2005 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2005SP1x64.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2005 SP1 - x64"
    $CommandLine = "vcredist_x64.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2005SP1x64"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2008 SP1 x86

In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2008SP1x86.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x86"
    $CommandLine = "vcredist_x86.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2008SP1x86"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2008 SP1 x64

In these steps we assume that you have downloaded Microsoft Visual C++ 2008 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2008SP1x64.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2008 SP1 - x64"
    $CommandLine = "vcredist_x64.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2008SP1x64"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -Commandline $Commandline -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2010 SP1 x86

In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2010SP1x86.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x86"
    $CommandLine = "vcredist_x86.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2010SP1x86"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2010 SP1 x64

In these steps we assume that you have downloaded Microsoft Visual C++ 2010 SP1 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2010SP1x64.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2010 SP1 - x64"
    $CommandLine = "vcredist_x64.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2010SP1x64"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2012 Update 4 x86

In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x86. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2012Ux86.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x86"
    $CommandLine = "vcredist_x86.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2012Ux86"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the install: Microsoft Visual C++ 2012 Update 4 x64

In these steps we assume that you have downloaded Microsoft Visual C++ 2012 Update 4 x64. You might need to modify the path to the source folder to reflect your current environment. In this example, the source path is set to E:\Downloads\VC++2012Ux64.

  1. On MDT01, log on as CONTOSO\Administrator.
  2. Create the application by running the following commands in an elevated PowerShell prompt:
    syntax
  1. $ApplicationName = "Install - Microsoft Visual C++ 2012 Update 4 - x64"
    $CommandLine = "vcredist_x64.exe /Q"
    $ApplicationSourcePath = "E:\Downloads\VC++2012Ux64"
    Import-MDTApplication -Path "DS001:\Applications\Microsoft" -Enable "True" -Name $ApplicationName -ShortName $ApplicationName -CommandLine $CommandLine -WorkingDirectory ".\Applications\$ApplicationName" -ApplicationSourcePath $ApplicationSourcePath -DestinationFolder $ApplicationName 
    -Verbose
    

Create the reference image task sequence

In order to build and capture your Windows 10 reference image for deployment using MDT, you will create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image. After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you are deploying.

Drivers and the reference image

Because we use modern virtual platforms for creating our reference images, we don’t need to worry about drivers when creating reference images for Windows 10. We use Hyper-V in our environment, and Windows Preinstallation Environment (Windows PE) already has all the needed drivers built-in for Hyper-V.

Create a task sequence for Windows 10 Enterprise

To create a Windows 10 reference image task sequence, the process is as follows:

  1. Using the Deployment Workbench in the MDT Build Lab deployment share, right-click Task Sequences, and create a new folder named Windows 10.
  2. Expand the Task Sequences node, right-click the new Windows 10 folder and select New Task Sequence. Use the following settings for the New Task Sequence Wizard:
    1. Task sequence ID: REFW10X64-001
    2. Task sequence name: Windows 10 Enterprise x64 RTM Default Image
    3. Task sequence comments: Reference Build
    4. Template: Standard Client Task Sequence
    5. Select OS: Windows 10 Enterprise x64 RTM Default Image
    6. Specify Product Key: Do not specify a product key at this time
    7. Full Name: Contoso
    8. Organization: Contoso
    9. Internet Explorer home page: http://www.contoso.com
    10. Admin Password: Do not specify an Administrator Password at this time

Edit the Windows 10 task sequence

The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office 2013.

  1. In the Task Sequences / Windows 10 folder, right-click the Windows 10 Enterprise x64 RTM Default Image task sequence, and select Properties.
  2. On the Task Sequence tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings:
    1. State Restore. Enable the Windows Update (Pre-Application Installation) action. Note
      Enable an action by going to the Options tab and clearing the Disable this step check box.
    2. State Restore. Enable the Windows Update (Post-Application Installation) action.
    3. State Restore. Enable the Windows Update (Post-Application Installation) action. State Restore. After the Tattoo action, add a new Group action with the following setting:
      • Name: Custom Tasks (Pre-Windows Update)
    4. State Restore. After Windows Update (Post-Application Installation) action, rename Custom Tasks to Custom Tasks (Post-Windows Update). Note
      The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating.
    5. State Restore / Custom Tasks (Pre-Windows Update). Add a new Install Roles and Features action with the following settings:
      1. Name: Install – Microsoft NET Framework 3.5.1
      2. Select the operating system for which roles are to be installed: Windows 8.1
      3. Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)

      Important
      This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the Sources\SxS folder on the media, and that makes it more difficult to add after the image has been deployed.

      figure 7

      Figure 7. The task sequence after creating the Custom Tasks (Pre-Windows Update) group and adding the Install – Microsoft NET Framework 3.5.1 action.

    6. State Restore – Custom Tasks (Pre-Windows Update). After the Install – Microsoft NET Framework 3.5.1 action, add a new Install Application action with the following settings:
      1. Name: Install – Microsoft Visual C++ 2005 SP1 – x86
      2. Install a Single Application: Install – Microsoft Visual C++ 2005 SP1 – x86-x64
    7. Repeat the previous step (add a new Install Application) to add the following applications:
      1. Install – Microsoft Visual C++ 2005 SP1 – x64
      2. Install – Microsoft Visual C++ 2008 SP1 – x86
      3. Install – Microsoft Visual C++ 2008 SP1 – x64
      4. Install – Microsoft Visual C++ 2010 SP1 – x86
      5. Install – Microsoft Visual C++ 2010 SP1 – x64
      6. Install – Microsoft Visual C++ 2012 Update 4 – x86
      7. Install – Microsoft Visual C++ 2012 Update 4 – x64
      8. Install – Microsoft Office 2013 Pro Plus – x86
    8. After the Install – Microsoft Office 2013 Pro Plus – x86 action, add a new Restart computer action.
  3. Click OK.

Optional configuration: Add a suspend action

The goal when creating a reference image is of course to automate everything. But sometimes you have a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you click the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine.

figure 8

Figure 8. A task sequence with optional Suspend action (LTISuspend.wsf) added.

figure 9

Figure 9. The Windows 10 desktop with the Resume Task Sequence shortcut.

Edit the Unattend.xml file for Windows 10 Enterprise

When using MDT, you don’t need to edit the Unattend.xml file very often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer 11 behavior, then you can edit the Unattend.xml for this. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you will want to use Internet Explorer Administration Kit (IEAK).

Note
You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the Install Roles and Features action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you are adding packages via Unattend.xml, it is version specific, so Unattend.xml must match the exact version of the operating system you are servicing.

Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:

  1. Using the Deployment Workbench, right-click the Windows 10 Enterprise x64 RTM Default Image task sequence and select Properties.
  2. In the OS Info tab, click Edit Unattend.xml. MDT now generates a catalog file. This will take a few minutes, and then Windows System Image Manager (Windows SIM) will start.
  3. In Windows SIM, expand the 4 specialize node in the Answer File pane and select the amd64_Microsoft-Windows-IE-InternetExplorer_neutral entry.
  4. In the amd64_Microsoft-Windows-IE-InternetExplorer_neutral properties window (right-hand window), set the following values:
    • DisableDevTools: true
  5. Save the Unattend.xml file, and close Windows SIM.
  6. On the Windows 10 Enterprise x64 RTM Default Image Properties, click OK.

figure 10

Figure 10. Windows System Image Manager with the Windows 10 Unattend.xml.

Configure the MDT deployment share rules

Understanding rules is critical to successfully using MDT. Rules are configured using the Rules tab of the deployment share’s properties. The Rules tab is essentially a shortcut to edit the CustomSettings.ini file that exists in the E:\MDTBuildLab\Control folder. This section discusses how to configure the MDT deployment share rules as part of your Windows 10 Enterprise deployment.

MDT deployment share rules overview

In MDT, there are always two rule files: the CustomSettings.ini file and the Bootstrap.ini file. You can add almost any rule to either; however, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file. For that reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to – the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK. By taking the following steps, you will configure the rules for the MDT Build Lab deployment share:

  1. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Properties.
  2. Select the Rules tab and modify using the following information:
    syntax

 

  • [Settings]
    Priority=Default
    [Default]
    _SMSTSORGNAME=Contoso
    UserDataLocation=NONE
    DoCapture=YES
    OSInstall=Y
    AdminPassword=P@ssw0rd
    TimeZoneName=Pacific Standard Time 
    JoinWorkgroup=WORKGROUP
    HideShell=YES
    FinishAction=SHUTDOWN
    DoNotCreateExtraPartition=YES
    WSUSServer=http://mdt01.contoso.com:8530
    ApplyGPOPack=NO
    SLSHARE=\\MDT01\Logs$
    SkipAdminPassword=YES
    SkipProductKey=YES
    SkipComputerName=YES
    SkipDomainMembership=YES
    SkipUserData=YES
    SkipLocaleSelection=YES
    SkipTaskSequence=NO
    SkipTimeZone=YES
    SkipApplications=YES
    SkipBitLocker=YES
    SkipSummary=YES
    SkipRoles=YES
    SkipCapture=NO
    SkipFinalSummary=YES
    

    figure 11

    Figure 11. The server-side rules for the MDT Build Lab deployment share.

  • Click Edit Bootstrap.ini and modify using the following information:
    syntax
  • Settings]
    Priority=Default
    [Default]
    DeployRoot=\\MDT01\MDTBuildLab$
    UserDomain=CONTOSO
    UserID=MDT_BA
    UserPassword=P@ssw0rd
    SkipBDDWelcome=YES
    

    figure 12

    Figure 12. The boot image rules for the MDT Build Lab deployment share.

    Note
    For security reasons, you normally don’t add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation.

  • In the Windows PE tab, in the Platform drop-down list, select x86.
  • In the Lite Touch Boot Image Settings area, configure the following settings:
    1. Image description: MDT Build Lab x86
    2. ISO file name: MDT Build Lab x86.iso
  • In the Windows PE tab, in the Platform drop-down list, select x64.
  • In the Lite Touch Boot Image Settings area, configure the following settings:
    1. Image description: MDT Build Lab x64
    2. ISO file name: MDT Build Lab x64.iso
  • Click OK.

 

Note
In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).

Update the deployment share

After the deployment share has been configured, it needs to be updated. This is the process when the Windows Windows PE boot images are created.

  1. Using the Deployment Workbench, right-click the MDT Build Lab deployment share and select Update Deployment Share.
  2. Use the default options for the Update Deployment Share Wizard.

Note
The update process will take 5 to 10 minutes.

The rules explained

Now that the MDT Build Lab deployment share (the share used to create the reference images) has been configured, it is time to explain the various settings used in the Bootstrap.ini and CustomSettings.ini files.

The Bootstrap.ini and CustomSettings.ini files work together. The Bootstrap.ini file is always present on the boot image and is read first. The basic purpose for Bootstrap.ini is to provide just enough information for MDT to find the CustomSettings.ini.

The CustomSettings.ini file is normally stored on the server, in the Deployment share\Control folder, but also can be stored on the media (when using offline media).

Note
The settings, or properties, that are used in the rules (CustomSettings.ini and Bootstrap.ini) are listed in the MDT documentation, in the Microsoft Deployment Toolkit Reference / Properties / Property Definition section.

The Bootstrap.ini file

The Bootstrap.ini file is available via the deployment share’s Properties dialog box, or via the E:\MDTBuildLab\Control folder on MDT01.

syntax
[Settings]
Priority=Default
[Default]
DeployRoot=\\MDT01\MDTBuildLab$
UserDomain=CONTOSO
UserID=MDT_BA
UserPassword=P@ssw0rd
SkipBDDWelcome=YES

So, what are these settings?

  • Priority. This determines the order in which different sections are read. This Bootstrap.ini has only one section, named [Default].
  • DeployRoot. This is the location of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don’t specify a value, the Windows Deployment Wizard prompts you for a location.
  • UserDomain, UserID, and UserPassword. These values are used for automatic log on to the deployment share. Again, if they are not specified, the wizard prompts you.

    Note
    Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.

  • SkipBDDWelcome. Even if it is nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.

Note
All properties beginning with “Skip” control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values.

The CustomSettings.ini file

The CustomSettings.ini file, whose content you see on the Rules tab of the deployment share Properties dialog box, contains most of the properties used in the configuration.

syntax
[Settings]
Priority=Default
[Default]
_SMSTSORGNAME=Contoso
UserDataLocation=NONE
DoCapture=YES
OSInstall=Y
AdminPassword=P@ssw0rd
TimeZoneName=Pacific Standard Time 
JoinWorkgroup=WORKGROUP
HideShell=YES
FinishAction=SHUTDOWN
DoNotCreateExtraPartition=YES
WSUSServer=http://mdt01.contoso.com:8530
ApplyGPOPack=NO
SLSHARE=\\MDT01\Logs$
SkipAdminPassword=YES
SkipProductKey=YES
SkipComputerName=YES
SkipDomainMembership=YES
SkipUserData=YES
SkipLocaleSelection=YES
SkipTaskSequence=NO
SkipTimeZone=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipCapture=NO
SkipFinalSummary=YES
  • Priority. Has the same function as in Bootstrap.ini. Priority determines the order in which different sections are read. This CustomSettings.ini has only one section, named [Default]. In general, if you have multiple sections that set the same value, the value from the first section (higher priority) wins. The rare exceptions are listed in the ZTIGather.xml file.
  • _SMSTSORGNAME. The organization name displayed in the task sequence progress bar window during deployment.
  • UserDataLocation. Controls the settings for user state backup. You do not need to use when building and capturing a reference image.
  • DoCapture. Configures the task sequence to run the System Preparation (Sysprep) tool and capture the image to a file when the operating system is installed.
  • OSInstall. Must be set to Y or YES (the code actually just looks for the Y character) for the setup to proceed.
  • AdminPassword. Sets the local Administrator account password.
  • TimeZoneName. Establishes the time zone to use. Don’t confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003).

    Note
    The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names.

  • JoinWorkgroup. Configures Windows to join a workgroup.
  • HideShell. Hides the Windows Shell during deployment. This is especially useful for Windows 8.1 deployments in which the deployment wizard will otherwise appear behind the tiles.
  • FinishAction. Instructs MDT what to do when the task sequence is complete.
  • DoNotCreateExtraPartition. Configures the task sequence not to create the extra partition for BitLocker. There is no need to do this for your reference image.
  • WSUSServer. Specifies which Windows Server Update Services (WSUS) server (and port, if needed) to use during the deployment. Without this option MDT will use Microsoft Update directly, which will increase deployment time and limit your options of controlling which updates are applied.
  • SLSHARE. Instructs MDT to copy the log files to a server share if something goes wrong during deployment, or when a deployment is successfully completed.
  • ApplyGPOPack. Allows you to deploy local group policies created by Microsoft Security Compliance Manager (SCM).
  • SkipAdminPassword. Skips the pane that asks for the Administrator password.
  • SkipProductKey. Skips the pane that asks for the product key.
  • SkipComputerName. Skips the Computer Name pane.
  • SkipDomainMemberShip. Skips the Domain Membership pane. If set to Yes, you need to configure either the JoinWorkgroup value or the JoinDomain, DomainAdmin, DomainAdminDomain, and DomainAdminPassword properties.
  • SkipUserData. Skips the pane for user state migration.
  • SkipLocaleSelection. Skips the pane for selecting language and keyboard settings.
  • SkipTimeZone. Skips the pane for setting the time zone.
  • SkipApplications. Skips the Applications pane.
  • SkipBitLocker. Skips the BitLocker pane.
  • SkipSummary. Skips the initial Windows Deployment Wizard summary pane.
  • SkipRoles. Skips the Install Roles and Features pane.
  • SkipCapture. Skips the Capture pane.
  • SkipFinalSummary. Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don’t want the wizard to stop in the end so that you need to click OK before the machine shuts down.

Build the Windows 10 reference image

Once you have created your task sequence, you are ready to create the Windows 10 reference image. This will be performed by launching the task sequence from a virtual machine which will then automatically perform the reference image creation and capture process. This steps below outline the process used to boot a virtual machine using an ISO boot image created by MDT, and then execute the reference image task sequence image to create and capture the Windows 10 reference image.

  1. Copy the E:\MDTBuildLab\Boot\MDT Build Lab x86.iso on MDT01 to C:\ISO on the Hyper-V host.

    Note
    Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That’s why you can use the x86 boot image instead of the x64 boot image.

  2. Create a virtual machine with the following settings:
    1. Name: REFW10X64-001
    2. Location: C:\VMs
    3. Memory: 1024 MB
    4. Network: External (The network that is connected to the same infrastructure as MDT01 is)
    5. Hard disk: 60 GB (dynamic disk)
    6. Image file: C:\ISO\MDT Build Lab x86.iso
  3. Take a snapshot of the REFW10X64-001 virtual machine, and name it Clean with MDT Build Lab x86 ISO.

    Note
    Taking a snapshot is useful if you need to restart the process and want to make sure you can start clean.

  4. Start the REFW10X64-001 virtual machine. After booting into Windows PE, complete the Windows Deployment Wizard using the following settings:
    1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image
    2. Specify whether to capture an image: Capture an image of this reference computer
      • Location: \\MDT01\MDTBuildLab$\Captures
    3. File name: REFW10X64-001.wim

      figure 13

      Figure 13. The Windows Deployment Wizard for the Windows 10 reference image.

  5. The setup now starts and does the following:
    1. Installs the Windows 10 Enterprise operating system.
    2. Installs the added applications, roles, and features.
    3. Updates the operating system via your local Windows Server Update Services (WSUS) server.
    4. Stages Windows PE on the local disk.
    5. Runs System Preparation (Sysprep) and reboots into Windows PE.
    6. Captures the installation to a Windows Imaging (WIM) file.
    7. Turns off the virtual machine.

After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the E:\MDTBuildLab\Captures folder on your deployment server. The file name is REFW10X64-001.wim.

Get started with the Microsoft Deployment Toolkit (MDT)

Deploy a Windows 10 image using MDT

Build a distributed environment for Windows 10 deployment

Refresh a Windows 7 computer with Windows 10

Replace a Windows 7 computer with a Windows 10 computer

Configure MDT settings